Security News

Y Purdy, CSO for Huawei USA, believes the US needs to be more active in the development of global security standards rather than being aloof. "The US has fundamentally dropped the ball when it comes to participation in global security standards," Purdy told The Register.

US cybersecurity officials on Thursday said Amazon, Google and Microsoft have enlisted to help them fight ransomware and defend cloud computing systems from hackers. The tech giants are among firms signed on to be part of a Joint Cyber Defense Collaborative intended to combine government and private skills and resources to fight hackers, according to the Cybersecurity and Infrastructure Security Agency.

SolarWinds is urging a US federal judge to throw out a lawsuit brought against it by aggrieved shareholders who say they were misled about its security posture in advance of the infamous Russian attack on the business. Financial newswire Reuters reported that the suit was originally filed over allegations that former SolarWinds chief exec Kevin Thompson cut cybersecurity efforts in the hope of driving greater dividends into the pockets of major investors, Silver Lake and Thoma Bravo, who each reportedly held around 40 per cent of SolarWinds' stocks at the time.

DDoS attacks are a nuisance to be sure, but they're also used in a variety of ways that make them a severe threat, says Atlas VPN. DDoS attack data presented by Atlas VPN found that attackers prefer the United States and the computers and internet sectors as targets. In June 2021 alone, more than a third of DDoS attacks worldwide targeted servers in the U.S. DDoS attacks involve using a massive number of internet-connected machines and devices to flood a target server, rendering it unable to keep up with traffic and either making it unusable or taking it offline.

Zoom, the videoconferencing firm, has agreed to settle a class-action US privacy lawsuit for $85 million, it said Sunday. The suit charged that Zoom's sharing of users' personal data with Facebook, Google and LinkedIn was a breach of privacy for millions.

Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy platform offered by the Cybersecurity and Infrastructure Security Agency. "Through this crowdsourcing platform, Federal Civilian Executive Branch agencies will now be able to coordinate with the security research community in a streamlined fashion and those reporting incidents enjoy a single, usable website to facilitate submission of findings. The platform encourages collaboration and information sharing between the public and private sectors by allowing uniquely skilled researchers to submit vulnerability reports, which agencies will use to understand and address vulnerabilities that were previously unidentified," Eric Goldstein, Executive Assistant Director for Cybersecurity, CISA, explained.

Huawei has decided to school America on cyber-security, and its lesson is to co-operate with China so its vendors - including Huawei - can be trusted around the world. Purdy, a former White House adviser on cyber security, makes some decent points - especially when pointing out that the Executive Order is only binding on federal agencies and their private sector suppliers.

The US Department of Justice says that the Microsoft Office 365 email accounts of employees at 27 US Attorneys' offices were breached by the Russian Foreign Intelligence Service during the SolarWinds global hacking spree. Even though other districts were also affected by the attacks to a lesser degree, the Russian SVR state hackers managed to breach the O365 email accounts of at least 80 percent of employees from US Attorneys' offices located in the Eastern, Northern, Southern, and Western Districts of New York.

US President Joe Biden today issued a national security memorandum designed to help strengthen the security of critical infrastructure by setting baseline performance goals for critical infrastructure owners and operators. It directs the Department of Homeland Security's CISA and the Department of Commerce's NIST, in collaboration with other federal agencies, to develop cybersecurity performance goals and guidance for critical infrastructure orgs.

The Biden administration is taking steps to harden cybersecurity defenses for critical infrastructure, announcing on Wednesday the development of performance goals and a voluntary public-private partnership to protect core sectors. The actions, outlined in an order from President Joe Biden, are an acknowledgment of the cybersecurity vulnerabilities of critical industries - a reality made clear by the May hack of the nation's largest pipeline, which delivers about 45% of the fuel consumed on the East Coast.